Trusted Computing Introduction PII Descartes (1641) The Matrix
Descartes (1641), Meditations on First Philosophy: Can we trust our senses? What if everything we experience is a delusion created by an evil demon bent on deceiving us? The Matrix.
Interest: This is a question that has been weighing on several computer companies. How do you know that your computer is actually what it seems? Hackers and imitative programs. Sensitive information, keystrokes and complete control.
Trust in other software: How can one program running on your computer trust another one? What if the operating system has been subverted? Anti-virus: how would you warn the user?
Trust in you: Movie studios, recording companies, health care providers [legitimate right]. Some information is given based on trust in you. Do you have control?
Real issues: Viruses, Trojans, spyware, P2P networks.
Implications: Implications for a P3P client. Alterations of policy. Lack of enforcement. Advantages of a trusted client and a trusted website component. Many implications on privacy of sensitive information.
Trusted Computing Initiatives: Trusted Computing Platform Alliance. Trusted Computing Group. Microsoft, Intel, IBM, HP, AMD. Hardware + software. Attempt to build a trusted platform.
Foundation of Trust: Descartes. A secure reliable bootstrap architecture (1997): Bill Arbaugh, Dave Farber, Jonathan Smith. Booting a machine into a known state. Early PCs: ROM BIOS and no HDD. Digital Rights Management OS: patent by Microsoft, Paul England (Secure PC team leader).
Foundation of Trust: Ultimate aim is to end up in a known state. Need for a core root of trust module. Pre boot; Core Root of Trust; Post boot; Known State.
Trusted Computing Platform Alliance, Mission: Through the collaboration of HW, SW, communications, and technology vendors, drive and implement TCPA specifications for an enhanced HW and OS based trusted computing platform that implements trust into client, server, networking, and communication platforms.
Replaced by Trusted Computing Group, but the TCPA specification was adopted by TCG as their specification. Patent licensing policy of TCG, all new work. Compaq, HP, IBM, Intel, Microsoft.
Trusted Platform Module (TPM) v1.1: The TPM is a collection of hardware, firmware and/or software that support the following protocols and algorithms. Algorithms: RSA, SHA-1, HMAC. Random number generation. Key generation. Self tests. The TPM provides storage for an unlimited number of private keys or other data using RSA.
PC-specific block diagram of TCG
Secure storage in TPM: Seal and Unseal, which are simply front-ends to RSA encrypt and decrypt. But sealing encrypts the platform configuration register (PCR) values with the data. Unique identifier tpmProof.
Conditions for unsealing data: Appropriate key is available. TPM PCRs must contain the same values as during sealing (implicit key in PCRs). tpmProof must be the same as during encryption. Allows software to state the future configuration the platform must be in for unsealing.
Additional operation, Unbind: Unbind decrypts a blob created outside the TPM where the private key is stored inside the TPM. A blob is data + header information, encrypted.
Seal JetBlue customer data: Can only be decrypted on the same platform. Removes the possibility of data being accessed by different machines.
Types of keys: Storage Root Key: one for each TPM, created at the request of the owner; migratable, unmigratable data. Signing keys: leaves of the storage root key hierarchy. Storage keys: used for the protected storage hierarchy only; and Binding keys. Identity keys: used for TPM identity. Endorsement key pair: asymmetric key pair generated by or inserted in the TPM as proof that it is genuine.
One-to-one relationship between TPM and endorsement key. One-to-one relationship between TPM and platform. Endorsement key and platform.
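A toy model of the three unseal conditions listed above (appropriate key, matching PCR values, matching tpmProof), added here as an illustration and not taken from the slides or the TCG specification. `ToyTPM`, `measure_boot` and `try_unseal` are hypothetical names, and a hash-based stream cipher with an HMAC tag stands in for the TPM's RSA operations.

```python
import hashlib, hmac, os

def extend(pcr, measurement):
    # TPM 1.x extend: PCR_new = SHA-1(PCR_old || SHA-1(measurement))
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()

def measure_boot(components):
    pcr = bytes(20)                       # PCRs reset to all zeros
    for c in components:
        pcr = extend(pcr, c)
    return pcr

class ToyTPM:
    def __init__(self):
        self.tpm_proof = os.urandom(20)   # per-TPM secret (tpmProof)
        self._key = os.urandom(32)        # assumption: stands in for the RSA storage key
        self.pcr = bytes(20)

    def _xor(self, nonce, data):          # toy stream cipher, NOT the TPM's RSA
        stream = hashlib.shake_256(self._key + nonce).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))
    def _tag(self, body):
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def seal(self, data, release_pcr):    # release_pcr: the required future configuration
        nonce = os.urandom(16)
        body = nonce + self._xor(nonce, self.tpm_proof + release_pcr + data)
        return body + self._tag(body)

    def unseal(self, blob):
        body, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._tag(body)):
            raise PermissionError("wrong key or modified blob")
        plain = self._xor(body[:16], body[16:])
        proof, release_pcr, data = plain[:20], plain[20:40], plain[40:]
        if not hmac.compare_digest(proof, self.tpm_proof):
            raise PermissionError("tpmProof mismatch")
        if not hmac.compare_digest(release_pcr, self.pcr):
            raise PermissionError("PCR mismatch")
        return data

def try_unseal(tpm, blob, boot_chain):
    tpm.pcr = measure_boot(boot_chain)    # simulate a reboot with this chain
    try:
        return tpm.unseal(blob)
    except PermissionError as e:
        return str(e)

GOOD = [b"bios", b"bootloader", b"kernel"]  # constructed sample measurements
```

Because each extend hashes the previous PCR value, changing or reordering any measured component yields a different final PCR, and the sealed data stays locked.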
Encryption Algorithms: RSA algorithm (must). RSA key sizes of 512, 1024, and 2048 bits. The RSA public exponent must be e, where e = 2^16 + 1. TPM storage keys must be equivalent to a 2048 bit RSA key. Secure Hash Algorithm (SHA)-1 hash algorithm (160 bits), used in the early stages of the boot process (more complicated later). RSA for signature and verification. RNG capabilities -> only accessible to TPM commands. Key generation capabilities -> protected by a private key held in a shielded location.
Self tests: Checks RNG. Checks integrity registers. Checks integrity of endorsement key pair by making it sign and verify a known value. Self checks the TPM microcode. Checks tamper-resistance markers. On failure the part that failed enters shut down mode.
Self test procedure
Target of evaluation (TOE): The new version of TCG will have TPM as a monitoring module and doesn't actually control the boot process. Hardware, software and firmware that comprise the TPM. Identifies threats to the TOE: T.Attack, T.Bypass, T.Imperson, T.Malfunction etc. Each threat is explained and the objective is explained in the specification, e.g. O.Attack.
An example, T.Export: Threat description: A user or an attacker may export data without security attributes or with unsecure security attributes, causing the data exported to be erroneous and unusable, to allow erroneous data to be added or substituted for the original data, and/or to reveal secrets. Objective (O.Export): When data are exported outside the TPM, the TOE shall ensure that the data security attributes being exported are unambiguously associated with the data. Interesting use of "user or an attacker" here.
T.Replay: Threat description: An unauthorized individual may gain access to the system and sensitive data through a replay or man-in-the-middle attack that allows the individual to capture identification and authentication data. T.Replay is countered by O.Single-Auth, which states: The TOE shall provide a single use authentication mechanism and require re-authentication to prevent replay and man-in-the-middle attacks.
TPM block diagram
Software: Palladium – after the mythological statue that defended ancient Athens against invaders. Microsoft has discontinued use of the code name “Palladium.” The new components being developed for the Microsoft® Windows® Operating System are now referred to as the Next-Generation Secure Computing Base for Windows (NGSCB).
Next-Generation Secure Computing Base for Windows
NGSCB: Seal and Unseal explained. Nexus Computing Agents (NCA).
Microsoft on applications. Bryan Willman: Suppose you run a pharmacy company. When you test a new drug, of course it’s bad if someone has a bad reaction to the drug, but it’s much worse if someone tampers with that data so that your results are skewed. That means it’s critical that all test data is entered accurately and no one tampers with it. NGSCB ensures that those files can’t be breached or modified in any way. Here’s another example. If you and your doctor and your pharmacist are communicating about a medical condition you have, you want to be sure that the information you exchange is confidential and true. Today you probably wouldn’t want to do that online from your home computer because with all that software that you and your kids have loaded onto it, somewhere along the way it may have picked up a virus or two, so there’s no way to know for sure how safe your information is. With NGSCB you use the right-hand side, and no matter what is happening on the left-hand side, you can be sure that the data passed between you and your doctor and your pharmacist hasn’t been tampered with.
Microsoft has a separate research area called Trustworthy Computing, which is more towards what we define as trust.
Features described by Microsoft: Memory curtaining. Secure input and output. Sealed storage. Remote attestation <- the scariest.
The Battle has begun!